Data Processing Addendum (DPA)

This Addendum supplements the Ethara™ Privacy & Integrity Policy and applies when Ethara™ Global Technologies Inc. processes Personal Data on behalf of a client (“Controller”).

1. Roles & Scope

Client acts as Controller; Ethara™ acts as Processor. This DPA governs data handling under the Master Services Agreement.

2. Processing Principles

• Process data only on documented instructions from the Controller.
• Implement least-privilege access and encryption in transit and at rest.
• Maintain confidentiality and security awareness training for all staff.

3. Security & Breach Response

Ethara™ maintains layered technical and organizational safeguards. Verified breaches are reported within 24 hours of confirmation.

4. Sub-processors

Ethara™ engages only vetted sub-processors under written agreements. The current list is maintained at /subprocessors/.

5. Cross-Border Transfers

All transfers outside the originating jurisdiction follow Standard Contractual Clauses (SCCs) or equivalent safeguards under GDPR, CPPA, and other frameworks.

6. Return & Deletion

Upon termination, Ethara™ deletes or returns data within 30 days, except where retention is legally required.

7. Cooperation

Ethara™ assists Controllers with data subject requests, DPIAs, and regulator inquiries.

Contact: dpo@ethara.app